Configuring and deploying the Kubernetes Anjuna Webhook

In the previous section, you uploaded the Anjuna Nitro Kubernetes containers to AWS ECR. In this section, you will configure the Anjuna Webhook (which requires one of the containers that you just uploaded to ECR).

Run the following commands to configure and deploy the Anjuna Webhook:

$ ./anjuna-k8s.sh --generate-webhook-cert
$ ./anjuna-k8s.sh --deploy-webhook

The first command (./anjuna-k8s.sh --generate-webhook-cert) creates a certificate that allows the Anjuna Webhook to communicate securely with the Kubernetes cluster. The webhook works over a secure transport layer, for which a TLS certificate is needed. This step generates a TLS certificate signed by the Kubernetes cluster signer.

The second command (./anjuna-k8s.sh --deploy-webhook) creates the configuration (configmap/secrets) to deploy the Anjuna Webhook, and starts a Pod/service associated with the Anjuna Webhook. When this command completes, the Anjuna Webhook should be running as a Pod in your cluster, waiting for requests to create Pods that will run in a Nitro Enclave.

To confirm that the Anjuna Webhook is running, execute the following command:

$ kubectl get pods

The output will be similar to the following, depending on the number of nodes in the cluster. There will be one anjuna-nitro-device-manager-xxx Pod for each node in the cluster.

NAME                                READY   STATUS              RESTARTS   AGE
anjuna-nitro-device-manager-7wvkp   1/1     Running             0          2s
anjuna-nitro-device-manager-bq6fw   0/1     ContainerCreating   0          2s
anjuna-nitro-device-manager-kx5bv   0/1     ContainerCreating   0          2s
anjuna-nitro-webhook-app            1/1     Running             0          7s
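
A scripted version of this check, as an added example rather than part of the Anjuna tooling: the hypothetical helper check_anjuna_pods reads kubectl get pods output and succeeds only when the webhook Pod and one device-manager Pod per node are Running and fully ready. The Pod names are taken from the sample output above, which is also the input embedded in the script.

```shell
#!/bin/sh
# Added example; check_anjuna_pods is a hypothetical helper, not Anjuna tooling.
# Pod names are taken from the sample output on this page.
# Live use: kubectl get pods | check_anjuna_pods "$(kubectl get nodes --no-headers | wc -l)"

# stdin: `kubectl get pods` text; $1: number of nodes in the cluster.
# Returns 0 only if the webhook Pod and one device-manager Pod per node
# are Running with all containers ready; prints one line per problem.
check_anjuna_pods() {
    awk -v nodes="$1" '
        function is_ready(ready, status,    parts) {
            split(ready, parts, "/")
            return status == "Running" && parts[1] + 0 > 0 && parts[1] + 0 == parts[2] + 0
        }
        $1 == "NAME" { next }    # header row
        $1 ~ /^anjuna-nitro-device-manager-/ {
            dm_total++
            if (is_ready($2, $3)) dm_ready++
            else printf "not ready: %s (%s, %s)\n", $1, $2, $3
            next
        }
        $1 == "anjuna-nitro-webhook-app" {
            wh_seen = 1
            if (is_ready($2, $3)) wh_ready = 1
            else printf "not ready: %s (%s, %s)\n", $1, $2, $3
        }
        END {
            if (!wh_seen) print "missing: anjuna-nitro-webhook-app"
            if (dm_total + 0 != nodes + 0)
                printf "device-manager pods: %d, nodes: %d\n", dm_total, nodes
            exit !(wh_ready && dm_total + 0 == nodes + 0 && dm_ready + 0 == nodes + 0)
        }
    '
}

# The sample output shown above: two device-manager Pods are still starting.
SAMPLE_STARTING='NAME                                READY   STATUS              RESTARTS   AGE
anjuna-nitro-device-manager-7wvkp   1/1     Running             0          2s
anjuna-nitro-device-manager-bq6fw   0/1     ContainerCreating   0          2s
anjuna-nitro-device-manager-kx5bv   0/1     ContainerCreating   0          2s
anjuna-nitro-webhook-app            1/1     Running             0          7s'

printf '%s\n' "$SAMPLE_STARTING" | check_anjuna_pods 3 || echo "not ready yet, re-run shortly"
```

A missing or not-ready webhook Pod means Pod creation requests are not yet being intercepted, so gate any enclave workload deployment on a zero exit status from this check.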

Congratulations, the Anjuna Webhook is installed in your cluster, and it is ready to intercept Pod creation events and automatically create Nitro Enclaves.